Analysis
- max time kernel: 148s
- max time network: 137s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 03-06-2024 13:07
Static task: static1
Behavioral task: behavioral1
- Sample: 91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: 91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
- Resource: win10v2004-20240508-en
General
- Target: 91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
- Size: 18KB
- MD5: 91e491aee6e44e81215720e70a33a82f
- SHA1: 45368fba1c41f7d285c6e84ed1ef5c65750ec050
- SHA256: a6412479be27e07e577c1f9ae02d2347a2b9ac1b6039bc3871fdf64887af40cf
- SHA512: 09178b1e0cf3e6053b4ae5ec821bc1b3942b8870b15093b7883729708514d414d277628bc92b55f15e6b6c61e1c4d457eb1844d5b1ce097eac8f9a0fd10c2bcc
- SSDEEP: 384:SIMd0I5nvH4DnDf/JZxJ3aXoqsvW+ObxDB8:SE7DnDf/JZxJ3aXoqVNbA
Malware Config
Signatures
- Modifies Internet Explorer settings
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Zoom | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{42F871F1-21AA-11EF-928E-6A2211F10352} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IntelliForms | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "423581930" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\LowRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\GPU | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\InternetRegistry | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\PageSetup | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | IEXPLORE.EXE
- Suspicious use of FindShellTrayWindow 1 IoCs
pid | Process
2068 | iexplore.exe
- Suspicious use of SetWindowsHookEx 6 IoCs
pid | Process
2068 | iexplore.exe
2068 | iexplore.exe
2288 | IEXPLORE.EXE
2288 | IEXPLORE.EXE
2288 | IEXPLORE.EXE
2288 | IEXPLORE.EXE
- Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 2068 wrote to memory of 2288 | 2068 | iexplore.exe | 28
PID 2068 wrote to memory of 2288 | 2068 | iexplore.exe | 28
PID 2068 wrote to memory of 2288 | 2068 | iexplore.exe | 28
PID 2068 wrote to memory of 2288 | 2068 | iexplore.exe | 28
Processes
- C:\Program Files\Internet Explorer\iexplore.exe
  Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\91e491aee6e44e81215720e70a33a82f_JaffaCakes118.html
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2068
  - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2068 CREDAT:275457 /prefetch:2
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2288
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: fd48e855adc15a36199f9df60da3c04f
  SHA1: 7f7b16e8e7b574f677de1e5d347c5fa02faa334b
  SHA256: 232d801cd0685264044dd6eead53fea324ea7bd479c250bd5f4a77aeaaee1034
  SHA512: b0b912c27d3a98837a522d44a68ac6d5b0f6e31f0bef81605e0884d61dbd33a35ace45af7ec3027f01ba34a9ca8b44f47ecf396de8f3e23546b9dbedd10e850d
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f3ba646848cd92f4f8a7ab51a62dd1b6
  SHA1: 92e681cea49ee0cd490004fc90ad9f8f80ea2787
  SHA256: a2b39dc18e2e137c30b59b10caa14fc114f452737218e64a9a3c5c4bf2d7d04e
  SHA512: dca8688ec634d5bd86437bc32e89b1c9930102b5aa7b0f6d3f476db84e3b67203b59d993afa97da833e4f0d83ee7d712c5b519dab401c182a51c27645e014593
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 57aa49f7e11848599acba804af3e47d1
  SHA1: 242fb542f662befb657d8221af0c55214dfb172b
  SHA256: 37476503de3c9be2ae4b9247f680b71fada06c57a6b48549673905c6af9f5dcf
  SHA512: ab5c6522cae3937ba23b279b1c2938dff71c1b1a5a6053a2d4322454cd0b6c7509cd1facb2bae602698313c2d06050461cec201c046f571c3ccb7758550c8654
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 7a700c770060b76ebf6404010af47f3a
  SHA1: f023c3f24ff0a1f85e262fccd6d93a3a6ca4df5e
  SHA256: 3fc52c7d00b208d4d9eb2c8d52a3712c36f544366e2348da1bcf6733fba4f610
  SHA512: 3d99b022edcffc7d61ff809a4ac764632140a64dfb786fa4bec02d078ff4b9b2230d0e09841def657d1f65a35b861590f5c3821c8c22b2363272e23e6497121f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 35bd43bb86ff713d585aa21e7d7868c0
  SHA1: ce13da6a3002069990c4bc2ba5b06db7af8a966b
  SHA256: 96fd89f97e3bbf25f3d8357ad7b3859f62001839676e44ab5d265aab25168699
  SHA512: ba02e207252565049a44e999ba34187e6ddfad00aa7c951648222e6ff6572dda5589d1d0bdbf9c705a2456bf7a33fa32f0000d469f76700aeaf212b08af78aa5
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: 0f680e3bf9105ea333b370e623294359
  SHA1: 338469e26236f11de344e073dac72502951d7649
  SHA256: 5bbe3d6a59e89a58d18509ddc798ef76966d23ddd4fbf8149c03bf544c281b3d
  SHA512: b7b8558c8e228213b47f24e3461cff3e7cb8dbfceec802660a975324e1aa531c39696e0a7ca3fbdbc2686a93601b762f3a4f6dafb314fc22bb93dfe2dd6a8f93
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: d14e8b83b85e7c7eec77673aed3d00c9
  SHA1: 2a3d332a6cb5026fc86463b20d05c5e2ea0d0461
  SHA256: 5d34c663d2cff8c881535fbd3340261dc7c8e3159b71a46d8f0fcc7fe5c8c475
  SHA512: a3444d8bab30bf9c2caf1333771428dadbcbb04a0bada742c9042a7ff982271e76dfa57de3b2790102a9feea3d9d3b7d51d31ae0934853ad65a81650f1d57361
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: ffb336dcb8bfe01f98bd3d43c6064905
  SHA1: 57cf7732aadad4002e65656f7362c630893eea2e
  SHA256: 841686b8b497f11b1cc67163b9b3e858b4442b2d35760eff4345d29845eabafa
  SHA512: b4d89238e38dbe0272cd055b8c223beb65714d5433dd87c8cfa40954a615928940cf3621d9bf2e2ff99998f0eb13f96f53bb022dd0a32680493231edbd4b4f6f
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
  Filesize: 342B
  MD5: f25339babc6a0f8f77aa4fce36b2eefa
  SHA1: 72b0126391da7ee8d3e8c88d7d07dafb9462ab51
  SHA256: 139499f539c737b6425522bc3c1d8e7f9fe648ca68a280aa42537ff634649b83
  SHA512: 45752fec3e3631aa6d716f34627004ad513a66f4e0f4955ac7287b319076b6d5aa4837b0702d3a72242a4a9d22896ddf86a4553a8017b92de4662cb665d4326f
- (no path recorded)
  Filesize: 68KB
  MD5: 29f65ba8e88c063813cc50a4ea544e93
  SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
- (no path recorded)
  Filesize: 70KB
  MD5: 49aebf8cbd62d92ac215b2923fb1b9f5
  SHA1: 1723be06719828dda65ad804298d0431f6aff976
  SHA256: b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  SHA512: bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b
- (no path recorded)
  Filesize: 181KB
  MD5: 4ea6026cf93ec6338144661bf1202cd1
  SHA1: a1dec9044f750ad887935a01430bf49322fbdcb7
  SHA256: 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
  SHA512: 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b